Nytro Posted November 4, 2011

Duqu Analysis & Detection Tool Released

NSS engineers have developed a scanning tool that can be used to detect all DuQu drivers installed on a system. This tool was developed in the hopes that additional drivers can be discovered to allow us to learn more about the functionality, capabilities and ultimate purpose of DuQu.

Based on the layout of the drivers discovered so far, the NSS tool is capable of detecting 100% of drivers with zero false positives. Because it is using advanced pattern recognition techniques, it is also capable of detecting new drivers as they are discovered. Two new drivers were discovered after the tool was completed, and both were detected by the NSS tool with no updates required.

Download: https://github.com/halsten/Duqu-detectors

Via: Duqu Analysis & Detection Tool

Source: Security-Shell: Duqu Analysis & Detection Tool Released

Flubber Posted November 4, 2011

com/blog/2011/11/duqu-analysis-and-detection-tool.html] NSS will make available our own IDA Pro databases and complete reversed code for DuQu to bona fide researchers who wish to perform their own analysis of the code, scripts and dropped files.

Let's hope for a `release' to ... eh ... the public?

Later edit: Very interesting, lots of hex xD (joke!): https://raw.github.com/halsten/Duqu-detectors/master/DuquDriverPatterns.py